Client-side anti exploit question

HolySwordExcaIiber · December 15, 2021, 12:46pm

I’ve done next to no anti-exploit but have a very clear idea on how to stop the most detrimental exploits, what I’m wondering is obviously client-side exploits can be disabled etc… but what I am wondering is do they just disable or delete the client script doing the anti exploit? If that is that case why can’t you just sprinkle the same anti exploit function inside of multiple of your vital client-side script so if they are disabled or something then they can exploit that feature but they also will be able to do absolutely nothing if their say “input” and “combat” scripts are disabled making the exploit useless??

I’m just wondering if I’m wrong on how they actually disable client-side anti-exploit?

JarodOfOrbiter · December 15, 2021, 12:53pm

They can do whatever they want. Maybe the most common exploit deletes a whole script, but you couldn’t stop them if they deleted a script and then added a new one to replace the lost functionality. They can, after all, steal your scripts for their own purposes. If they’re clever, they can also disable only parts of your script.

Moleza · December 15, 2021, 2:04pm

Each time you use Remote events, [Client will send data to server]

some hackers change data and values, what you can do is

[You created a logic that: The server has already a module containing all information about what is True, and all items and things about the game ]

Anything that is different from what the server knows, would result in a [Perma-Ban]
this can kill many exploiters that don’t know what they are doing, BUT, they know how
to modify values.

The only way to replicate to others players some action is:

If the server accept the Data that the [Client] sent.
otherwise nothing will happen,

you can create locally some preventions before firing a Remote event like:

--Local Script
if "the player is Level highter than X" and "has some Item X" then
Fire remote event,

Normal players would ocasionally stop at this parameter,

whatever, if an exploiter bypass this thinking that they were smart…
Then, in the server-side
the server has this logic:

[Since the client fired the remote event, then probally their data is true… but i’ll check
if everything is ok]

--Server Script Remote Event activated

if "Player level is highter than X" and "has some specific Item" then
--Run the function ( alright, the client is not lying, Trusted )

--Server Script Remote Event activated

else if "player level is lesser than X" or "the item is missing or maybe the item is == nil" then
-- the player modified something, preparing to kill some exploiter

in the end, this is the best you can do to prevent many exploitable situations